CVE-2025-61100 is a vulnerability identified in the FRRouting (FRR) suite, a widely used open-source routing software that supports multiple routing protocols including OSPF. The flaw exists in the ospf_opaque_lsa_dump function within the ospf_opaque.c source file, where a NULL pointer dereference can occur when processing malformed OSPF opaque LSAs (Link State Advertisements). This vulnerability affects all FRR versions from 2.0 up to 10.4.1. When exploited, an attacker can send specially crafted OSPF opaque LSAs to a vulnerable FRR instance, causing the routing daemon to crash and resulting in a denial of service (DoS). The vulnerability does not require any privileges or authentication, and no user interaction is needed, making it remotely exploitable over the network. The CVSS v3.1 base score is 7.5, reflecting a high severity due to the network attack vector, low attack complexity, no privileges required, and a direct impact on availability without affecting confidentiality or integrity. Although no public exploits are currently known, the flaw poses a significant risk to network stability, particularly in environments where FRR is used for OSPF routing in critical infrastructure or service provider networks. The underlying cause is a NULL pointer dereference (CWE-476), a common programming error that leads to application crashes when dereferencing invalid memory pointers. No official patches or fixes are listed yet, so mitigation currently relies on network-level controls and monitoring for malformed OSPF LSAs.

The primary impact of CVE-2025-61100 is a denial of service condition affecting network routing infrastructure. For European organizations, especially ISPs, data centers, and enterprises relying on FRRouting for OSPF routing, exploitation could lead to routing daemon crashes, resulting in network outages or degraded connectivity. This can disrupt critical services, cause loss of availability for internal and external communications, and potentially impact dependent business operations. In sectors such as telecommunications, finance, energy, and government, where network reliability is paramount, such outages could have cascading effects, including regulatory non-compliance and financial losses. The vulnerability’s remote exploitability without authentication increases the risk of opportunistic attacks or targeted disruptions by threat actors. Although confidentiality and integrity are not directly affected, the loss of availability in routing infrastructure can indirectly compromise overall network security posture and operational continuity.

1. Monitor FRRouting project channels and security advisories for official patches addressing CVE-2025-61100 and apply them promptly once available. 2. In the interim, implement network-level filtering to block or rate-limit malformed OSPF opaque LSAs, using firewall rules or OSPF protocol filters on routers and switches. 3. Employ anomaly detection systems to identify unusual OSPF LSA traffic patterns that may indicate exploitation attempts. 4. Segment network routing domains to limit the blast radius of potential DoS attacks targeting OSPF. 5. Regularly audit and update routing software to supported versions, and avoid running outdated FRR versions vulnerable to known issues. 6. Coordinate with upstream providers and peers to ensure they are aware of the vulnerability and encourage them to implement similar mitigations. 7. Maintain robust incident response plans focused on network outages to minimize downtime if exploitation occurs. 8. Consider deploying redundant routing paths and failover mechanisms to maintain availability during routing daemon failures.